PT-2024-3955 · Linux · Linux Kernel
Kuan-Ting Chen · Published 2024-04-04 · Updated 2025-10-31
CVE-2024-26925
CVSS v2.0: 6.0 (Medium)
| Vector | AV:L/AC:H/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux Kernel versions 6.5 through 6.9-rc3
Description
The issue is a locking problem in the nf_tables_abort() function of the netfilter subsystem in the Linux kernel. This problem can allow an attacker to impact the confidentiality, integrity, and availability of protected information. The commit mutex must not be released inside the critical section between nft_gc_seq_begin() and nft_gc_seq_end(); otherwise an asynchronous GC worker could collect expired objects and take the released commit lock within the same GC sequence. The nf_tables_module_autoload() function temporarily releases the mutex to load module dependencies and then goes back to replay the transaction. Moving that release to the end of the abort phase, after nft_gc_seq_end() is called, resolves the issue.
Recommendations
As a temporary workaround, consider disabling the nf_tables_abort() function until a patch is available.
Restrict access to the netfilter subsystem to minimize the risk of exploitation.
Update to a version of the Linux kernel that includes the fix for this issue, which moves the mutex release to the end of the abort phase, after nft_gc_seq_end() is called.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
LPE
Improper Locking
Affected Products
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu